Let’s say there is a typical pentest report. Basically, it’s just a PDF file with all found vulnerabilities. Normally, this would be enough.
But if pentest company wants clients to be loyal and returning, they may want to think of how the pentest results will look from the customer’s side.
Does that typical pentest report answer these questions:
- What tests were processed?
- What assets were tested?
- There were 10 IP’s in scope, but there are only 3 vulnerable IP’s mentioned in pentest report. What happened to others? Were they fine or just forgotten?
There are always lots of questions from a client’s side throughout the project. It takes a lot of time to keep customers calm and fully informed. Sadly, a typical pentest report isn’t adapted for all types of their requests.
Here is what we think is a perfect solution in this case.
Our previous release includes updated checklists. They let you use methodologies such as OWASP Penetration Testing Methodologies or PTES.
Today’s release includes the feature that allows you to sync your checklists from Hive that you use while pentesting with the Apiary customer portal, which is also free and self-hosted.
So, what does that mean for you as a pentester and for your client?
- Any completed step of pentest project can be shared with a client in real-time
- RECON stage is finished? Do you start exploiting? Cool, just tick the right checklist item, and voila! It will be automatically synchronized with Apiary dashboard
- You can also control which points to share with the customer and what to keep inside your team.
Check out the video to see how it works: